In general, keys may be needed, for example, for encryption, decryption, and signing when services of various systems (devices) are used. Heretofore, the keys for use in various systems have been managed independently in the respective systems.
In contrast, a method that has recently been drawing attention consolidates the keys for use in various systems in one key management server device (key management device), which manages them, and acquires the keys from the key management server device as required. Product development or specification formulation for such an arrangement has been in progress.
With this key management server device, the keys managed in the key management server device are distributed to, for example, clients (devices), and the clients can use services of the system by using the keys.
Key management in the arrangement that uses the key management server device to distribute the keys to the clients is described here. When a client requests a key (for example, a secret key) for use in the system, the key management server device encrypts, for example, the requested secret key (hereinafter referred to as a system secret key) for the client, and returns the encrypted system secret key to the client in a response to the request. A possible way of encryption for the client is, for example, encryption based on public key encryption, or encryption based on common key encryption that uses a key generated by a key sharing protocol.
When the encrypted system secret key is returned from the key management server device, the encrypted system secret key is decrypted at the client. As a result, the client can use the service of the system by using the decrypted system secret key.
Meanwhile, under the recent specification described above, which puts together all the keys in the key management server device, the key management server device manages all the system secret keys. Leakage of the system secret keys may have a considerable influence. Therefore, stricter key management than ever is needed in the key management server device.
One possible way is to manage, in the key management server device, the system secret keys by encrypting all these keys with a key (master key) of the key management server device. The master key is, for example, a key (common key) in common key encryption. Thus, even if the system secret keys managed in the key management server device have leaked out, the system secret keys can be protected because these system secret keys are encrypted.
In this case, when a client requests a key, the key management server device temporarily decrypts the system secret key, which is managed in encrypted form under the master key of the key management server device, encrypts the decrypted system secret key for the client as described above, and returns the key to the client. The client decrypts the encrypted system secret key returned from the key management server device as described above. This allows more secure distribution of the system secret key to the client.
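The key distribution process described above, as an added Node.js example that is not part of the original text. It assumes AES-256-GCM for the encryption under the master key and RSA-OAEP for the encryption for the client; the function names and the record layout are chosen here for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption of this example: the "encryption for the client" is RSA-OAEP with SHA-256.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server, at rest: encrypt a system secret key under the master key (AES-256-GCM).
// Record layout (chosen for this example): 12-byte nonce || 16-byte tag || ciphertext.
function storeSystemKey(masterKey, systemKey) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', masterKey, nonce);
  const ct = Buffer.concat([cipher.update(systemKey), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Server, per request: temporarily decrypt the record with the master key, then
// re-encrypt the plaintext key for the requesting client.
function distributeKey(masterKey, record, clientPublicKey) {
  if (record.length < 28) throw new Error('stored record too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', masterKey, record.subarray(0, 12));
  decipher.setAuthTag(record.subarray(12, 28));
  // final() throws if the master key is wrong or the stored record was modified.
  const systemKey = Buffer.concat([decipher.update(record.subarray(28)), decipher.final()]);
  // The plaintext system secret key is in server memory from here until return.
  return nodeCrypto.publicEncrypt({ key: clientPublicKey, ...OAEP }, systemKey);
}

// Client: decrypt the response with the private key, which never leaves the client.
function receiveKey(clientPrivateKey, response) {
  return nodeCrypto.privateDecrypt({ key: clientPrivateKey, ...OAEP }, response);
}

// Constructed demo values: random bytes stand in for a real master key and system secret key.
function demo() {
  const masterKey = nodeCrypto.randomBytes(32);
  const systemKey = nodeCrypto.randomBytes(32);
  const client = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const record = storeSystemKey(masterKey, systemKey);
  const response = distributeKey(masterKey, record, client.publicKey);
  return {
    masterKey, systemKey, record, client,
    delivered: receiveKey(client.privateKey, response).equals(systemKey),
    plaintextAtRest: record.includes(systemKey),
  };
}

console.log('system secret key delivered to client:', demo().delivered);
```

Both the master key and the plaintext system secret key are present in server memory inside `distributeKey`, which is the exposure the surrounding text is concerned with.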
As described above, the leakage of data (for example, the system secret keys and the master key) in the process of distributing the system secret key to the client (hereinafter referred to as a key distribution process) is a problem, so that the processing and data in this process have to be strictly protected. Therefore, the above key distribution process needs to be performed under a strictly protected environment. In other words, the key distribution process cannot be performed under an environment that is not secure.
When all the keys (for example, system secret keys) are put together in the key management server device, there is more processing and there are more regions (regions to manage the keys) to be protected than before, and key management costs increase proportionately.
Particularly when the master key of the key management server device has leaked out, all the keys (for example, system secret keys) managed in the key management server device can be decrypted. Therefore, the master key needs to be strictly protected by the use of, for example, a secret sharing technique or a password-based encryption method.
However, the strict protection of the master key has to be performed on the key management server device. It is thus obvious that the more complicated the protection method is, the greater its influence on the running cost of the key management server device.